IT Compliance Analyst

About The Position

Requirements

• Bachelor of Science in Computer Science, Information Technology, Information Security, or related field.
• Expert knowledge in at least one of the following: PCI DSS, SOX, SOC 2, NIST 800-171, NIST 800-53, NIST CSF, FedRAMP, ISO 27001 and/or ISO 42001.
• 3 to 5 years of experience in relevant fields.
• Experience in developing and delivering presentations to senior management outlining program benefits, status, issues and recommendations.
• Proficient in time management; the ability to organize and manage multiple priorities.
• Able to take initiative and effectively adapt to changes.
• Able to establish and maintain a cooperative working relation.
• Able to use sound judgment; work independently, with minimal supervision.
• Strong analytical and problem-solving skills.
• Strong attention to detail and commitment to accuracy.
• High ethical standards and integrity in managing sensitive information.
• Able to lead external auditors through audits with precision and confidence.
• Able to perform a variety of duties, often changing from one task to another of a different nature, with impending deadlines and/or established timeframes.
• Competent in public speaking.

Nice To Haves

• Relevant certifications such as CISSP, CISA, CIA, or CRISC are highly desirable.

Responsibilities

• Coordinates and evaluates audits and reviews of various IT applications and systems to ensure information security processes and procedures are effective.
• Prepare reports of findings for review by management, including recommended remediation as necessary.
• Monitors and assesses compliance with industry regulations and internal policies.
• Conducts regular compliance audits and risk assessments to identify gaps and recommend corrective actions.
• Supports the development and implementation of risk mitigation strategies.
• Conducts periodic reviews of information security policies, procedures, and compliance, and prepares reports of findings to be reviewed by management.
• Coordinates the annual risk assessment reviews and operational audits.
• Assists with the development and implementation of information classification and control policies and procedures.
• Remains current with changes in information resources security legislation and regulations.
• Manages and maintains all information security and compliance related awareness training.
• Assists various business units in implementing and maintaining information resources security.
• Assists in all information security and compliance related awareness training.
• Assists with the investigation, documentation, and response to all suspected information security events.
• Adheres to Company standards and maintains compliance with all policies and procedures.
• Works closely with IT, Legal, Information Security, and other departments to ensure cohesive compliance efforts.
• Supports incident response planning and testing activities.
• Performs related duties as assigned.

Benefits

• red violet offers unique benefits including a generous PTO policy; medical, dental and vision coverage; a 401K plan, commuter benefits, in office healthy snacks, team events and more.